Hack-weary Equifax yanks a web page that was reportedly delivering malware

Gwen Vasquez
October 13, 2017

On Thursday, Ars Technica reported that security analyst Randy Abrams was prompted to download fraudulent Adobe Flash updates when he visited the Equifax website to contest his credit report.

In a follow-up statement shared with KrebsOnSecurity this afternoon, however, Equifax said the problem stemmed from a "third-party vendor that Equifax uses to collect website performance data", and that "the vendor's code running on an Equifax Web site was serving malicious content".

The firm said it took down the link for credit report assistance temporarily "out of an abundance of caution".

Equifax's stock plunged at the news of the latest breach, a Wall Street Journal reporter noted on Twitter.

More news: Eminem releases an Anti-Trump Rap Cypher

The massive data breach has also led to a number of high-profile departures at the Atlanta-based consumer credit reporting agency, including its chief executive, chief information officer and chief security officer.

What personal information was stolen in the hack?


Last month, Equifax revealed that the hackers exploited a US website application vulnerability to gain access to certain files, which included names, Social Security numbers, birth dates, mailing addresses, and driver's license numbers.

In early October, Equifax revised the number of consumers potentially impacted in the breach - bumping up the total in the U.S.to 145.5 million and reducing the number in Canada from an estimated 100,000 to 8,000. Equifax first disclosed that breach in September. Equifax did not say who the third party vendor was. Not only is the service free, but Credit Karma lets you access your credit scores and reports without charge as many times as you like.

Other reports by LeisureTravelAid

Discuss This Article